• 



25 



Claims 



10 



y3 



!• 

U 20 



25 



1. Method for monitoring of a communication link between a source network 
node and a destination network node, which communication link employs the IPSec 
protocol, said method comprising at least the step of transmission of an 
acknowledgement packet by the destination network node if at least one of a first 
condition and a second condition is fulfilled, 

said first condition being the reception of at least a predetermined number of IPSec 
packets after transmission of the previous acknowledgement packet, and 
said second condition being the reception of a packet via the communication link 
after a predetermined time has passed after transmission of the previous 
acknowledgement packet. 

2. A method according to claim 1, wherein said acknowledgement packet 
comprises at least the sequence number of the last received IPSec packet and at least 
one value corresponding to the amount of data received via the communication link. 

3. A method according to claim 2, wherein said acknowledgement packet 
comprises at least a packet counter value indicating the number of packets received 
via the communication link. 

4. A method according to claim 2, wherein said acknowledgement packet 
comprises at least a byte counter value indicating the number of bytes received via 
the communication link. 

5. A method according to claim 2, wherein said acknowledgement packet 
comprises at least a packet counter value indicating the number of packets received 
via the communication link and a byte counter value indicating the number of bytes 
received via the communication link. 

6. A method according to claim 2, further comprising at least the step of 
determining the packet success rate of the communication link at least partly on the 
basis of information contained in an acknowledgement packet. 
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7. A method according to claim 2, further comprising at least the step of 
determining the throughput of the communication link at least partly on the basis of 
information contained in an acknowledgement packet. 
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8. A method according to claim 1, further comprising at least the steps of 

- storing of the sequence number and the transmission time of each IPSec packet 
transmitted from the source network node to the destination network node in a 
memory means, and 

- determining the round trip time of the communication link on the basis of the 
reception time of an acknowledgement packet and the stored transmission time of 
the corresponding transmitted packet. 

9. Method for monitoring of a plurality of communication links between a source 
network site and a destination network site, each of the sites having at least one 
network node, 

in which method an active communication link is monitored and an inactive 
communication link is monitored, 

said method comprising at least the following steps for monitoring an active 

communication link between the source network site and the destination network 

site, the active communication link employing the IPSec protocol: 

the step of transmission of an acknowledgement packet by the destination network 

node if at least one of a first condition and a second condition is fulfilled, 

said first condition being the reception of at least a predetermined number of IPSec 

packets after transmission of the previous acknowledgement packet, and 

said second condition being the reception of a packet via the communication link 

after a predetermined time has passed after transmission of the previous 

acknowledgement packet, 

and said method comprising at least the following steps for monitoring an inactive 
communication link between the source network site and the destination network 
site: 

- transmitting a probe packet from a source node at the source network site via said 
inactive communication link to a destination node at the destination network site, 

- storing the transmission time of said probe packet in a memory means, 

- transmitting a response packet from said destination node to said source node as a 
response to receiving a probe packet, 

- determining the round trip time of said inactive communication link from the 
difference of the reception time of the response packet and the stored transmission 
time of the corresponding probe packet. 



10. A method according to claim 9, said method further comprising the steps of 



# » 

27 

- transmitting a plurality of probe packets from said source node at the source 
network site via said inactive communication link to said destination node at the 
destination network site, 

- receiving response packets to said probe packets, and 

5 - determining the packet success rate of said inactive communication link from the 
number of said received response packets and the number of transmitted probe 
packets. 

11. A network node for communicating with the IPSec protocol with a second 
10 network node via a communication link, said network node comprising at least 

- means for receiving acknowledgement packets for IPSec packets transmitted by 
the network node, 

- means for obtaining a sequence number of an IPSec packet from a received 
acknowledgement packet, 

15 - means for obtaining a value from the acknowledgement packet, said value 
corresponding to the amount of data received via the communication link by the 
second network node, and 

- means for determining the packet success rate of the communication link at least 
partly on the basis of said value. 

20 

12. A network node according to claim 11, further comprising at least means for 
determining the throughput of the communication link at least partly on the basis of 
said value. 

25 13. A network node according to claim 11, further comprising at least 

- means for storing in a memory means the sequence number and the transmission 
time of each IPSec packet transmitted by the network node via the communication 
link, and 

- means for determining the round trip time of the communication link on the basis 
30 of the reception time of an acknowledgement packet and the stored transmission 

time of the corresponding transmitted packet. 

14. A network node for communicating with the IPSec protocol with a second 
network node via a communication link, said network node comprising at least 
35 means for transmission of an acknowledgement packet if at least one of a first 
condition and a second condition is fulfilled, 

said first condition being the reception of at least a predetermined number of IPSec 
packets after transmission of the previous acknowledgement packet, and 
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said second condition being the reception of a packet via the communication link 
after a predetermined time has passed after transmission of the previous 
acknowledgement packet. 

15. A network node according to claim 14, said network node further comprising 
at least means for including a sequence number of a received IPSec packet and at 
least one value corresponding to the amount of data received via the communication 
link in said acknowledgement packet. 

16. A network node according to claim 15, said network node further comprising 
at least means for including a packet counter value in said acknowledgement packet, 
said packet counter value indicating the number of packets received via the 
communication link. 

17. A network node according to claim 15, said network node further comprising 
at least means for including a byte counter value in said acknowledgement packet, 
said byte counter value indicating the number of bytes received via the 
communication link. 

18. A network node for communicating with the IPSec protocol with a second 
network node via a communication link, said network node comprising at least 

- means for transmission of an acknowledgement packet if at least one of a first 
condition and a second condition is fulfilled, 

said first condition being the reception of at least a predetermined number of IPSec 
packets after transmission of the previous acknowledgement packet, and 
said second condition being the reception of a packet via the communication link 
after a predetermined time has passed after transmission of the previous 
acknowledgement packet, 

- means for receiving acknowledgement packets for IPSec packets transmitted by 
the network node, 

- means for obtaining a sequence number of an IPSec packet from a received 
acknowledgement packet, 

- means for obtaining a value from the acknowledgement packet, said value 
corresponding to the amount of data received via the communication link by the 
second network node, and 

- means for determining the packet success rate of the communication link at least 
partly on the basis of said value. 
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19. Software program product for a network node for communicating with the 
IPSec protocol with a second network node via a communication link, said software 
program product comprising at least 

- software program code means for transmission of an acknowledgement packet if at 
least one of a first condition and a second condition is fulfilled, 

said first condition being the reception of at least a predetermined number of IPSec 
packets after transmission of the previous acknowledgement packet, and 
said second condition being the reception of a packet via the communication link 
after a predetermined time has passed after transmission of the previous 
acknowledgement packet, 

- software program code means for receiving acknowledgement packets for IPSec 
packets transmitted by the network node, 

- software program code means for obtaining a sequence number of an IPSec packet 
from a received acknowledgement packet, 

- software program code means for obtaining a value from the acknowledgement 
packet, said value corresponding to the amount of data received via the 
communication link by the second network node, and 

- software program code means for determining the packet success rate of the 
communication link at least partly on the basis of said value. 



